UCF STIG Viewer Logo

Written user agreements for all users authorized to use the KVM or A/B switch must be maintained.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6675 KVM01.001.00 SV-6823r2_rule PRRB-1 Low
Description
A written user agreement allows the ISSO to be certain the end user that will be using the equipment has been presented with the documentation that explains their duties and responsibilities in relation to the equipment and they have acknowledged that they have read the documentation and understand it. Though there is no guarantee the user will perform as required, it will lessen the problems caused by uninformed users. The ISSO will maintain written user agreements for all users authorized to use the KVM or A/B switch.
STIG Date
Keyboard Video and Mouse Switch STIG 2015-12-09

Details

Check Text ( C-2603r2_chk )
The reviewer will interview the ISSO and view the written agreements.
The agreement will require the user to perform the following.
1. Logging onto an IS.
a. Identify the classification of the IS currently selected.
b. Use the login and passwords appropriate for that IS.
c. Verify the classification of the present IS by checking the classification label/banner.
d. Begin processing.
2. Switching between ISs.
a. Screen lock the IS you are currently working on if the IS supports this capability.
b. Select the desired IS with the switch.
c. Enter your user identifier and password to deactivate the screen lock on the newly selected IS.
d. Verify the classification of the present IS by checking the classification label/banner.
e. Begin processing.

The agreement may state that the user has read and understands the SFUG sections dealing with the KVM switch usage if the SFUG or similar documentation exists. If no documents exist, this is a finding.
Fix Text (F-6257r2_fix)
Develop a user agreement, have each user of KVM or A/B switches sign a user agreement, and keep the signed agreement on file.